diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 5fe9849840..cd17f9d02d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -843,6 +843,11 @@ #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \ + MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256 +#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256" +#endif + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ !defined(MBEDTLS_X509_CRT_PARSE_C) #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1c60ec8e49..2bf24a0f68 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1541,6 +1541,15 @@ */ //#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH + * + * Size in bytes of a ticket nonce. This is not used in TLS 1.2. + * + * This must be less than 256. + */ +#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 + /** * \def MBEDTLS_SSL_PROTO_DTLS * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7893edd130..e665ec1b7b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -98,6 +98,8 @@ /* Error space gap */ /** Processing of the Certificate handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 +/** Received NewSessionTicket Post Handshake Message */ +#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 /* Error space gap */ /* Error space gap */ /* Error space gap */ @@ -333,6 +335,13 @@ #define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1 #define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0 +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SHA384_C) +#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 48 +#elif defined(MBEDTLS_SHA256_C) +#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 32 +#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ /* * Default range for DTLS retransmission timer value, in milliseconds. * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. @@ -649,7 +658,7 @@ typedef enum MBEDTLS_SSL_FLUSH_BUFFERS, MBEDTLS_SSL_HANDSHAKE_WRAPUP, MBEDTLS_SSL_HANDSHAKE_OVER, - MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, + MBEDTLS_SSL_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, @@ -1171,6 +1180,17 @@ struct mbedtls_ssl_session uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) + uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ + uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ + unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; + +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) + mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */ +#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */ + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fb0b709979..dbef29b3f9 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5288,6 +5288,50 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_RENEGOTIATION */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_new_session_ticket( mbedtls_ssl_context *ssl ) +{ + + if( ( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) ) || + ( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ) ) + { + return( 0 ); + } + + ssl->keep_current_message = 1; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "NewSessionTicket received" ) ); + mbedtls_ssl_handshake_set_state( ssl, + MBEDTLS_SSL_NEW_SESSION_TICKET ); + + return( MBEDTLS_ERR_SSL_WANT_READ ); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) +{ + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "received post-handshake message" ) ); + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + int ret = ssl_tls13_check_new_session_ticket( ssl ); + if( ret != 0 ) + return( ret ); + } +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + + /* Fail in all other cases. */ + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This function is called from mbedtls_ssl_read() when a handshake message is * received after the initial handshake. In this context, handshake messages * may only be sent for the purpose of initiating renegotiations. @@ -5298,7 +5342,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) * TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read(). */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) +static int ssl_tls12_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -5380,18 +5424,39 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ( ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_WARNING, MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) { return( ret ); } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } return( 0 ); } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl ) +{ + /* Check protocol version and dispatch accordingly. */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 ) + { + return( ssl_tls13_handle_hs_message_post_handshake( ssl ) ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 ) + { + return( ssl_tls12_handle_hs_message_post_handshake( ssl ) ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + + /* Should never happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} /* * Receive application data decrypted from the SSL layer diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7fa6443a02..2405208547 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -3627,7 +3627,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && ssl->handshake->new_session_ticket != 0 ) { - ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; + ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; } #endif @@ -3704,7 +3704,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) * Finished */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: + case MBEDTLS_SSL_NEW_SESSION_TICKET: ret = ssl_parse_new_session_ticket( ssl ); break; #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 2b68306f0b..183b6ee066 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1876,6 +1876,243 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) return( 0 ); } +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl, + const unsigned char *buf, + const unsigned char *end ) +{ + const unsigned char *p = buf; + + ((void) ssl); + + while( p < end ) + { + unsigned int extension_type; + size_t extension_data_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 ); + extension_type = MBEDTLS_GET_UINT16_BE( p, 0 ); + extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 ); + p += 4; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len ); + + switch( extension_type ) + { + case MBEDTLS_TLS_EXT_EARLY_DATA: + MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) ); + break; + + default: + break; + } + p += extension_data_len; + } + + return( 0 ); +} + +/* + * From RFC8446, page 74 + * + * struct { + * uint32 ticket_lifetime; + * uint32 ticket_age_add; + * opaque ticket_nonce<0..255>; + * opaque ticket<1..2^16-1>; + * Extension extensions<0..2^16-2>; + * } NewSessionTicket; + * + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_new_session_ticket( mbedtls_ssl_context *ssl, + unsigned char *buf, + unsigned char *end, + unsigned char **ticket_nonce, + size_t *ticket_nonce_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *p = buf; + mbedtls_ssl_session *session = ssl->session; + size_t ticket_len; + unsigned char *ticket; + size_t extensions_len; + + *ticket_nonce = NULL; + *ticket_nonce_len = 0; + /* + * ticket_lifetime 4 bytes + * ticket_age_add 4 bytes + * ticket_nonce_len 1 byte + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 9 ); + + session->ticket_lifetime = MBEDTLS_GET_UINT32_BE( p, 0 ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "ticket_lifetime: %u", + ( unsigned int )session->ticket_lifetime ) ); + + session->ticket_age_add = MBEDTLS_GET_UINT32_BE( p, 4 ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "ticket_age_add: %u", + ( unsigned int )session->ticket_age_add ) ); + + *ticket_nonce_len = p[8]; + p += 9; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, *ticket_nonce_len ); + *ticket_nonce = p; + MBEDTLS_SSL_DEBUG_BUF( 3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len ); + p += *ticket_nonce_len; + + /* Ticket */ + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + ticket_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ticket_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "received ticket", p, ticket_len ) ; + + /* Check if we previously received a ticket already. */ + if( session->ticket != NULL || session->ticket_len > 0 ) + { + mbedtls_free( session->ticket ); + session->ticket = NULL; + session->ticket_len = 0; + } + + if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) ); + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + memcpy( ticket, p, ticket_len ); + p += ticket_len; + session->ticket = ticket; + session->ticket_len = ticket_len; + + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 ); + extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 ); + p += 2; + MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "ticket extension", p, extensions_len ); + + ret = ssl_tls13_parse_new_session_ticket_exts( ssl, p, p + extensions_len ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "ssl_tls13_parse_new_session_ticket_exts", + ret ); + return( ret ); + } + + return( 0 ); +} + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_postprocess_new_session_ticket( mbedtls_ssl_context *ssl, + unsigned char *ticket_nonce, + size_t ticket_nonce_len ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_ssl_session *session = ssl->session; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + psa_algorithm_t psa_hash_alg; + int hash_length; + +#if defined(MBEDTLS_HAVE_TIME) + /* Store ticket creation time */ + session->ticket_received = mbedtls_time( NULL ); +#endif + + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite ); + if( ciphersuite_info == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + hash_length = PSA_HASH_LENGTH( psa_hash_alg ); + if( hash_length == -1 || + ( size_t )hash_length > sizeof( session->resumption_key ) ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + + MBEDTLS_SSL_DEBUG_BUF( 3, "resumption_master_secret", + session->app_secrets.resumption_master_secret, + hash_length ); + + /* Compute resumption key + * + * HKDF-Expand-Label( resumption_master_secret, + * "resumption", ticket_nonce, Hash.length ) + */ + ret = mbedtls_ssl_tls13_hkdf_expand_label( + psa_hash_alg, + session->app_secrets.resumption_master_secret, + hash_length, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ), + ticket_nonce, + ticket_nonce_len, + session->resumption_key, + hash_length ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 2, + "Creating the ticket-resumed PSK failed", + ret ); + return( ret ); + } + + session->resumption_key_len = hash_length; + + MBEDTLS_SSL_DEBUG_BUF( 3, "Ticket-resumed PSK", + session->resumption_key, + session->resumption_key_len ); + + return( 0 ); +} + +/* + * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_process_new_session_ticket( mbedtls_ssl_context *ssl ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char *buf; + size_t buf_len; + unsigned char *ticket_nonce; + size_t ticket_nonce_len; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) ); + + MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( + ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET, + &buf, &buf_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_new_session_ticket( + ssl, buf, buf + buf_len, + &ticket_nonce, &ticket_nonce_len ) ); + + MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_new_session_ticket( + ssl, ticket_nonce, ticket_nonce_len ) ); + + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); + +cleanup: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) ); + return( ret ); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -1956,6 +2193,15 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + case MBEDTLS_SSL_NEW_SESSION_TICKET: + ret = ssl_tls13_process_new_session_ticket( ssl ); + if( ret != 0 ) + break; + ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET; + break; +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d6724dfb11..e8b8b1e3d4 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2645,8 +2645,6 @@ send_request: /* * 7. Read the HTTP response */ - mbedtls_printf( " < Read from server:" ); - fflush( stdout ); /* * TLS and DTLS need different reading styles (stream vs datagram) @@ -2694,6 +2692,18 @@ send_request: ret = 0; goto reconnect; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: + /* We were waiting for application data but got + * a NewSessionTicket instead. */ + mbedtls_printf( " got new session ticket.\n" ); + continue; +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + default: mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret ); @@ -2703,8 +2713,8 @@ send_request: len = ret; buf[len] = '\0'; - mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); - + mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf ); + fflush( stdout ); /* End of message should be detected according to the syntax of the * application protocol (eg HTTP), just use a dummy test here. */ if( ret > 0 && buf[len-1] == '\n' ) @@ -2767,7 +2777,7 @@ send_request: len = ret; buf[len] = '\0'; - mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); + mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf ); ret = 0; } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 68a2d778b7..942d705242 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12599,6 +12599,34 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \ 1 \ -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \ + "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache " \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -c "got new session ticket." \ + -c "HTTP/1.0 200 ok" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ + "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert" \ + "$P_CLI debug_level=4" \ + 0 \ + -c "Protocol is TLSv1.3" \ + -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \ + -c "got new session ticket." \ + -c "HTTP/1.0 200 OK" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 19a1ae6f00..34f4d66c44 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -223,7 +223,7 @@ move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_VERIFY_RE Negative test moving servers ssl to state: NEW_SESSION_TICKET depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0 +move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_NEW_SESSION_TICKET:0 TLS 1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2